Ubuntu Security Notice 2456-1 - Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
7f4272feef6a66ff929086843b468985c782176a57765ca3dfe31b71f12b8b84Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.
ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876aGentoo Linux Security Advisory 201111-11 - A buffer overflow flaw in GNU Tar could result in execution of arbitrary code or a Denial of Service. Versions less than 1.23 are affected.
3746f20494ec74f44d0067f12fceb02ac3f5570f1a17f9920a98a8a2780ca5e7VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.
d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210Mandriva Linux Security Advisory 2010-065 - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more (colon) character. The Tar package as shipped with Mandriva Linux is not affected by this vulnerability, but it was patched nonetheless in order to provide additional security to customers who recompile the package while having the rsh package installed. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
c76ad343a946323626106b13f5b4855856acd6a8f4429eacd64b5224b9fafda3GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.
d24150b634cab2351df08efe4449b09dfe98932abdb966b3ab00c97293fcd9c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed